ebpftracer

package
v1.44.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 14, 2025 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TailSchedProcessExecEventSubmit uint32 = iota
	MaxTail
)
View Source 
const (
	ProbeSysEnter handle = iota
	ProbeSysExit
	ProbeSyscallEnter__Internal
	ProbeSyscallExit__Internal
	ProbeSchedProcessFork
	ProbeSchedProcessExec
	ProbeSchedProcessExit
	ProbeSchedProcessFree
	ProbeSchedSwitch
	ProbeVfsWriteMagic
	ProbeVfsWriteMagicRet
	ProbeVfsWriteVMagic
	ProbeVfsWriteVMagicRet
	ProbeKernelWriteMagic
	ProbeKernelWriteMagicRet
	ProbeCgroupMkdir
	ProbeCgroupRmdir
	ProbeSecurityBPRMCheck
	ProbeSecuritySocketConnect
	ProbeSecurityInodeFollowLink
	ProbeCgroupSKBIngress
	ProbeCgroupSKBEgress
	ProbeFileUpdateTime
	ProbeFileUpdateTimeRet
	ProbeFileModified
	ProbeFileModifiedRet
	ProbeFdInstall
	ProbeFilpClose
	ProbeExecBinprm
	ProbeOomMarkVictim
	ProbeTtyOpen
	ProbeTtyWrite
	ProbeCgroupSockCreate
	ProbeCgroupSockOpts
	ProbeDoFilpOpen
)
View Source 
const (
	UnknownMetric eBPFMetric = iota
)

Variables

View Source 
var (
	ErrFilterPass              error = nil
	ErrFilterRateLimit               = errors.New("rate limit")
	ErrErrEmptyDNSResponse           = errors.New("empty dns response")
	ErrErrDNSDuplicateDetected       = errors.New("dns duplicate detected")
)
View Source 
var ErrPanic = errors.New("encountered panic")

ErrPanic indicating that the resulting error was caught from a panic

Functions

func EnabledBPFStats added in v1.21.0 

func EnabledBPFStats(log *logging.Logger) (func(), error)

Types

type ActualDestinationGetter 

type ActualDestinationGetter interface {
	GetDestination(src, dst netip.AddrPort) (netip.AddrPort, bool)
}

ActualDestinationGetter is used to find actual destination ip. Usually this info is obtained from conntrack.

type ArgType 

type ArgType uint8

type CgroupClient added in v1.3.0 

type CgroupClient interface {
	GetCgroupsRootPath() string
	LoadCgroup(id cgroup.ID, path string) bool
	CleanupCgroup(cgroup cgroup.ID)
	IsDefaultHierarchy(uint32) bool
}

type Config 

type Config struct {
	BTFPath string

	SignalEventsRingBufferSize uint32 `validate:"required"`
	EventsRingBufferSize       uint32 `validate:"required"`
	SkbEventsRingBufferSize    uint32 `validate:"required"`

	EventsOutputChanSize   int
	DefaultCgroupsVersion  string `validate:"required,oneof=V1 V2"`
	DebugEnabled           bool
	AutomountCgroupv2      bool
	ContainerClient        ContainerClient
	CgroupClient           CgroupClient
	SignatureEngine        *signature.SignatureEngine
	MountNamespacePIDStore *types.PIDsPerNamespace
	// All PIPs reported from ebpf will be normalized to this PID namespace
	HomePIDNS            proc.NamespaceID
	AllowAnyEvent        bool
	FileAccessEnabled    bool
	NetflowsEnabled      bool
	NetflowGrouping      NetflowGrouping
	TrackSyscallStats    bool
	ProcessTreeCollector processTreeCollector
	MetricsReporting     MetricsReportingConfig
	PodName              string
}

type ContainerClient 

type ContainerClient interface {
	GetOrLoadContainerByCgroupID(ctx context.Context, cgroup cgroup.ID) (*containers.Container, error)
	AddContainerByCgroupID(ctx context.Context, cgroupID cgroup.ID) (cont *containers.Container, rerrr error)
	CleanupByCgroupID(cgroup cgroup.ID)
}

type EventFilter 

type EventFilter func(event *types.Event) error

EventFilter allows for filtering of events before they are send to the server

type EventFilterGenerator 

type EventFilterGenerator func() EventFilter

EventFilterGenerator Produces an event filter for each call

func FilterAnd 

func FilterAnd(filtersGenerators ...EventFilterGenerator) EventFilterGenerator

func GlobalEventFilterGenerator 

func GlobalEventFilterGenerator(filter EventFilter) EventFilterGenerator

GlobalEventFilterGenerator always returns the given filter on each generator invocation. This is useful, if you want some global filtering across cgroups.

func RateLimit 

func RateLimit(spec RateLimitPolicy) EventFilterGenerator

func RateLimitPrivateIP added in v1.13.2 

func RateLimitPrivateIP(spec RateLimitPolicy) EventFilterGenerator

func SkipPrivateIP added in v1.29.0 

func SkipPrivateIP() EventFilterGenerator

type EventPolicy 

type EventPolicy struct {
	ID                 events.ID
	PreFilterGenerator PreEventFilterGenerator
	FilterGenerator    EventFilterGenerator
	KernelFilters      []KernelEventFilter
}

type EventProbe 

type EventProbe struct {
	// contains filtered or unexported fields
}

type EventsPolicyConfig added in v1.17.0 

type EventsPolicyConfig struct {
	EnabledEvents []events.ID `json:"enabledEvents"`
}

func (*EventsPolicyConfig) Set added in v1.17.0 

func (n *EventsPolicyConfig) Set(s string) error

func (*EventsPolicyConfig) String added in v1.17.0 

func (n *EventsPolicyConfig) String() string

func (*EventsPolicyConfig) Type added in v1.17.0 

func (n *EventsPolicyConfig) Type() string

type FileAccessKey added in v1.39.7 

type FileAccessKey tracerFileAccessKey

type FileAccessStats added in v1.39.7 

type FileAccessStats tracerFileAccessStats

type KernelEventFilter added in v1.30.0 

type KernelEventFilter struct {
	Name        string
	Description string
}

KernelEventFilter is a placeholder and currently used for documentation purposes only. Each used filter is describer with explanation how it's implemented in the kernel.

type LRUPolicy 

type LRUPolicy struct {
	Size int
}

type MetricsReportingConfig added in v1.21.0 

type MetricsReportingConfig struct {
	ProgramMetricsEnabled bool
	TracerMetricsEnabled  bool
}

func (MetricsReportingConfig) Enabled added in v1.21.0 

func (m MetricsReportingConfig) Enabled() bool

type NetflowGrouping added in v1.13.1 

type NetflowGrouping uint64
const (
	NetflowGroupingDropSrcPort NetflowGrouping = (1 << iota)
)

func (*NetflowGrouping) Set added in v1.13.1 

func (n *NetflowGrouping) Set(s string) error

func (*NetflowGrouping) String added in v1.13.1 

func (n *NetflowGrouping) String() string

func (*NetflowGrouping) Type added in v1.13.1 

func (n *NetflowGrouping) Type() string

type Policy 

type Policy struct {
	SystemEvents    []events.ID // List of events required for internal tasks such as cache cleanup
	SignatureEvents []events.ID
	Events          []*EventPolicy
	Output          PolicyOutputConfig
}

type PolicyOutputConfig 

type PolicyOutputConfig struct {
	RelativeTime bool
	ExecHash     bool

	ParseArguments    bool
	ParseArgumentsFDs bool
	EventsSorting     bool
}

type PreEventFilter 

type PreEventFilter func(ctx *types.EventContext, decoder *decoder.Decoder) (types.Args, error)

PreEventFilter allows for filtering of events coming from the kernel before they are decoded. Parsed args should be returned if filter passes.

type PreEventFilterGenerator 

type PreEventFilterGenerator func() PreEventFilter

EventFilterGenerator Produces an pre event filter for each call

func DeduplicateDNSEventsPreFilter added in v1.30.0 

func DeduplicateDNSEventsPreFilter(log *logging.Logger, size uint32, ttl time.Duration) PreEventFilterGenerator

DeduplicateDNSEventsPreFilter skips sending dns events which are already in the local per cgroup cache.

func GlobalPreEventFilterGenerator 

func GlobalPreEventFilterGenerator(filter PreEventFilter) PreEventFilterGenerator

GlobalPreEventFilterGenerator always returns the given filter on each generator invocation. This is useful, if you want some global filtering across cgroups.

type RateLimitPolicy 

type RateLimitPolicy struct {
	// If interval is set rate limit can be used as interval based sampling. In such case burst is always 1.
	Interval time.Duration

	// Rate is events per second.
	Rate  float64
	Burst int
}

RateLimitPolicy allows to configure event rate limiting.

type SyscallID 

type SyscallID uint32

func (SyscallID) String 

func (s SyscallID) String() string

type SyscallStats 

type SyscallStats struct {
	ID    SyscallID
	Count uint64
}

type SyscallStatsKeyCgroupID 

type SyscallStatsKeyCgroupID uint64

type TailCall 

type TailCall struct {
	// contains filtered or unexported fields
}

type Tracer 

type Tracer struct {
	// contains filtered or unexported fields
}

func New 

func New(log *logging.Logger, cfg Config) *Tracer

func (*Tracer) ApplyPolicy 

func (t *Tracer) ApplyPolicy(policy *Policy) error

func (*Tracer) Close 

func (t *Tracer) Close() error

func (*Tracer) CollectFileAccessStats added in v1.39.7 

func (t *Tracer) CollectFileAccessStats() ([]FileAccessKey, []FileAccessStats, error)

func (*Tracer) CollectNetworkSummary added in v1.21.0 

func (t *Tracer) CollectNetworkSummary() ([]TrafficKey, []TrafficSummary, error)

func (*Tracer) Events 

func (t *Tracer) Events() <-chan *types.Event

func (*Tracer) GetEventName added in v1.4.0 

func (t *Tracer) GetEventName(id events.ID) string

func (*Tracer) IsCgroupMuted 

func (t *Tracer) IsCgroupMuted(cgroup uint64) bool

func (*Tracer) Load 

func (t *Tracer) Load() error

func (*Tracer) MuteEventsFromCgroup 

func (t *Tracer) MuteEventsFromCgroup(cgroup uint64, reason string) error

func (*Tracer) MuteEventsFromCgroups 

func (t *Tracer) MuteEventsFromCgroups(cgroups []uint64, reason string) error

func (*Tracer) ReadSyscallStats 

func (t *Tracer) ReadSyscallStats() (map[SyscallStatsKeyCgroupID][]SyscallStats, error)

func (*Tracer) Run 

func (t *Tracer) Run(ctx context.Context) error

func (*Tracer) UnmuteEventsFromCgroup 

func (t *Tracer) UnmuteEventsFromCgroup(cgroup uint64) error

func (*Tracer) UnmuteEventsFromCgroups 

func (t *Tracer) UnmuteEventsFromCgroups(cgroups []uint64) error

type TracerEventContextT added in v1.21.0 

type TracerEventContextT = tracerEventContextT

func (TracerEventContextT) Encode added in v1.36.1 

func (t TracerEventContextT) Encode() ([]byte, error)

type TrafficKey added in v1.21.0 

type TrafficKey tracerIpKey

type TrafficSummary added in v1.21.0 

type TrafficSummary tracerTrafficSummary

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.